What happens when hundreds of millions of Facebook users’ data is compromised
- The personal data of 533 million Facebook users from 106 countries, which appears to be years old, including phone numbers and emails, has been leaked
- It was initially being sold on instant messaging platform Telegram for a fee of US$20 per search
Over half a billion Facebook users have had their data, including names, birth dates, and phone numbers have been leaked to a hacker website and it has been happening since 2019. Having been left unnoticed, experts claim the breach to be the biggest one yet by the social media giant.
According to Business Insider, which first reported on the leak, the data set is said to contain information on 533 million users from 106 countries. It appears to be years old and was first discovered making the rounds in hacker circles in January 2019 by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock. The database was initially being sold on instant messaging platform Telegram for a fee of US$20 per search.
Facebook had then said that it had patched the vulnerability that has caused the leak. But in June 2020 and then in January 2021, the same database was leaked again. There are records for more than 32 million accounts in the United States (US), over 11 million in the United Kingdom (UK) and Malaysia, respectively, and six million in India, according to Gal. The data leaked included names, mobile numbers, emails, gender, occupation, city, country, marital status, and others.
Hudson Rock even showed CNN Business the phone numbers of two of its senior staff which is included in the database. “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook spokesperson Andy Stone told CNN on Saturday. Facebook however did not say if it notified affected users at the time, but a spokesperson tweeted that the data was from an old leak.
Despite its age, the data set could provide valuable information to identity thieves and other scammers. “Bad actors will certainly use the information for social engineering, scamming, hacking, and marketing,” Gal said in a tweet on Saturday.
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The social networking giant has grappled with several privacy and security issues over the years. Earlier in 2019, security researchers found more than 540 million Facebook user records, including comments and likes, in a public database on Amazon’s cloud servers. Later that year, TechCrunch reported on a server that contained several databases filled with more than 419 million Facebook records from users in the US, UK, and Vietnam. Within the same year, a security researcher discovered a trove of data anyone could access online that contained more than 267 million Facebook users’ phone numbers, names, and user IDs.
The cost of social data being sold
Arguably the world’s most popular social media network with more than two billion monthly active users worldwide, Facebook stores enormous amounts of user data, making it a massive data wonderland. Every day, we feed Facebook’s data beast with mounds of information. Every 60 seconds, 136,000 photos are uploaded, 510,000 comments are posted, and 293,000 status updates are posted.
Data breaches have unfortunately become a common occurrence today. Some breaches have a wide-reaching impact when compared to others, and as bad as this is for the impacted consumers, it puts a toll on digital businesses too. For giants like Google, Facebook, Microsoft, and Apple, a data breach could cost them from US$2 billion to more than US$10 billion in damages, according to reports. Although not enough to send them looking for bankruptcy lawyers, but more than enough to get their attention.
Researchers with Privacy Affairs analyzed hundreds of listings last year on the dark web, where hackers routinely exchange stolen credentials. A hacked Facebook account goes for US$74.50 on average, while Instagram accounts averaged US$55.45 and Twitter logins went for US$49 on average.
- Personal details of 106 million international travelers to Thailand exposed
- Embedded finance ensures BNPL is not making banks irrelevant
- Only a third of developers truly understand the security policies they work with
- There’s a gender barrier to mobile phone ownership in Asia – and it matters
- Advocating a sustainable environment with modern technologies